<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
 <head>
  <meta http-equiv="content-type" content="text/html; charset=UTF-8">
  <title>SSL context option listing</title>

 </head>
 <body><div class="manualnavbar" style="text-align: center;">
 <div class="prev" style="text-align: left; float: left;"><a href="context.ftp.html">FTP context options</a></div>
 <div class="next" style="text-align: right; float: right;"><a href="context.curl.html">CURL context options</a></div>
 <div class="up"><a href="context.html">上下文（Context）选项和参数</a></div>
 <div class="home"><a href="index.html">PHP Manual</a></div>
</div><hr /><div id="context.ssl" class="refentry">
 <div class="refnamediv">
  <h1 class="refname">SSL context options</h1>
  <p class="refpurpose"><span class="refname">SSL context options</span> &mdash; <span class="dc-title">SSL context option listing</span></p>

 </div>
 
 <div class="refsect1 description" id="refsect1-context.ssl-description">
  <h3 class="title">说明</h3>
  <p class="para">
   Context options for <em>ssl://</em> and <em>tls://</em>
   transports.
  </p>
 </div>


 <div class="refsect1 options" id="refsect1-context.ssl-options">
  <h3 class="title">可选项</h3>
  <p class="para">
   <dl>

    
     <dt id="context.ssl.verify-peer">
      <em><code class="parameter">verify_peer</code></em>
      <span class="type"><a href="language.types.boolean.html" class="type boolean">boolean</a></span>
     </dt>

     <dd>

      <p class="para">
       Require verification of SSL certificate used.
      </p>
      <p class="para">
       Defaults to <strong><code>FALSE</code></strong>.
      </p>
     </dd>

    
    
     <dt id="context.ssl.allow-self-signed">
      <em><code class="parameter">allow_self_signed</code></em>
      <span class="type"><a href="language.types.boolean.html" class="type boolean">boolean</a></span>
     </dt>

     <dd>

      <p class="para">
       Allow self-signed certificates. Requires
       <a href="context.ssl.html#context.ssl.verify-peer" class="link"><em><code class="parameter">verify_peer</code></em></a>.
      </p>
      <p class="para">
       Defaults to <strong><code>FALSE</code></strong>
      </p>
     </dd>

    
    
     <dt id="context.ssl.cafile">
      <em><code class="parameter">cafile</code></em>
      <span class="type"><a href="language.types.string.html" class="type string">string</a></span>
     </dt>

     <dd>

      <p class="para">
       Location of Certificate Authority file on local filesystem
       which should be used with the <em>verify_peer</em>
       context option to authenticate the identity of the remote peer.
      </p>
     </dd>

    
    
     <dt id="context.ssl.capath">
      <em><code class="parameter">capath</code></em>
      <span class="type"><a href="language.types.string.html" class="type string">string</a></span>
     </dt>

     <dd>

      <p class="para">
       If <em>cafile</em> is not specified or if the certificate
       is not found there, the directory pointed to by <em>capath</em> 
       is searched for a suitable certificate.  <em>capath</em>
       must be a correctly hashed certificate directory.
      </p>
     </dd>

    
    
     <dt id="context.ssl.local-cert">
      <em><code class="parameter">local_cert</code></em>
      <span class="type"><a href="language.types.string.html" class="type string">string</a></span>
     </dt>

     <dd>

      <p class="para">
       Path to local certificate file on filesystem.  It must be a PEM
       encoded file which contains your certificate and private key.
       It can optionally contain the certificate chain of issuers.
      </p>
     </dd>

    
    
     <dt id="context.ssl.passphrase">
      <em><code class="parameter">passphrase</code></em>
      <span class="type"><a href="language.types.string.html" class="type string">string</a></span>
     </dt>

     <dd>

      <p class="para">
       Passphrase with which your <em>local_cert</em> file
       was encoded.
      </p>
     </dd>

    
    
     <dt id="context.ssl.cn-match">
      <em><code class="parameter">CN_match</code></em>
      <span class="type"><a href="language.types.string.html" class="type string">string</a></span>
     </dt>

     <dd>

      <p class="para">
       Common Name we are expecting.  PHP will perform limited wildcard
       matching.  If the Common Name does not match this, the connection
       attempt will fail.
      </p>
     </dd>

    
    
     <dt id="context.ssl.verify-depth">
      <em><code class="parameter">verify_depth</code></em>
      <span class="type"><a href="language.types.integer.html" class="type integer">integer</a></span>
     </dt>

     <dd>

      <p class="para">
       Abort if the certificate chain is too deep.
      </p>
      <p class="para">
       Defaults to no verification.
      </p>
     </dd>

    
    
     <dt id="context.ssl.ciphers">
      <em><code class="parameter">ciphers</code></em>
      <span class="type"><a href="language.types.string.html" class="type string">string</a></span>
     </dt>

     <dd>

      <p class="para">
       Sets the list of available ciphers. The format of the string is described
       in <a href="http://www.openssl.org/docs/apps/ciphers.html#CIPHER_LIST_FORMAT" class="link external">&raquo;&nbsp;ciphers(1)</a>.
      </p>
      <p class="para">
       Defaults to <em>DEFAULT</em>.
      </p>
     </dd>

    
    
     <dt id="context.ssl.capture-peer-cert">
      <em><code class="parameter">capture_peer_cert</code></em>
      <span class="type"><a href="language.types.boolean.html" class="type boolean">boolean</a></span>
     </dt>

     <dd>

      <p class="para">
       If set to <strong><code>TRUE</code></strong> a <em>peer_certificate</em> context option
       will be created containing the peer certificate.
      </p>
     </dd>

    
    
     <dt id="context.ssl.capture-peer-cert-chain">
      <em><code class="parameter">capture_peer_cert_chain</code></em>
      <span class="type"><a href="language.types.boolean.html" class="type boolean">boolean</a></span>
     </dt>

     <dd>

      <p class="para">
       If set to <strong><code>TRUE</code></strong> a <em>peer_certificate_chain</em> context
       option will be created containing the certificate chain.
      </p>
     </dd>

    
    
     <dt id="context.ssl.sni-enabled">
      <em><code class="parameter">SNI_enabled</code></em>
      <span class="type"><a href="language.types.boolean.html" class="type boolean">boolean</a></span>
     </dt>

     <dd>

      <p class="para">
       If set to <strong><code>TRUE</code></strong> server name indication will be enabled. Enabling SNI 
       allows multiple certificates on the same IP address.
      </p>
     </dd>

    
    
     <dt id="context.ssl.sni-server-name">
      <em><code class="parameter">SNI_server_name</code></em>
      <span class="type"><a href="language.types.string.html" class="type string">string</a></span>
     </dt>

     <dd>

      <p class="para">
       If set, then this value will be used as server name for server name 
       indication. If this value is not set, then the server name is guessed 
       based on the hostname used when opening the stream.
      </p>
     </dd>

    
    
     <dt id="context.ssl.disable-compression">
      <em><code class="parameter">disable_compression</code></em>
      <span class="type"><a href="language.types.boolean.html" class="type boolean">boolean</a></span>
     </dt>

     <dd>

      <p class="para">
       If set, disable TLS compression. This can help mitigate the CRIME attack
       vector. 
      </p>
     </dd>

    
   </dl>

  </p>
 </div>

 
 <div class="refsect1 changelog" id="refsect1-context.ssl-changelog">
  <h3 class="title">更新日志</h3>
  <p class="para">
   <table class="doctable informaltable">
    
     <thead>
      <tr>
       <th>版本</th>
       <th>说明</th>
      </tr>

     </thead>

     <tbody class="tbody">
      <tr>
       <td>5.4.13</td>
       <td>
        Added <em><code class="parameter">disable_compression</code></em>. Requires OpenSSL &gt;= 1.0.0.
       </td>
      </tr>

      <tr>
       <td>5.3.2</td>
       <td>
        Added <em><code class="parameter">SNI_enabled</code></em> and
        <em><code class="parameter">SNI_server_name</code></em>.
       </td>
      </tr>

      <tr>
       <td>5.0.0</td>
       <td>
        Added <em><code class="parameter">capture_peer_cert</code></em>,
        <em><code class="parameter">capture_peer_chain</code></em> and
        <em><code class="parameter">ciphers</code></em>.
       </td>
      </tr>

     </tbody>
    
   </table>

  </p>
 </div>


 <div class="refsect1 notes" id="refsect1-context.ssl-notes">
  <h3 class="title">注释</h3>
  <blockquote class="note"><p><strong class="note">Note</strong>: 
   <span class="simpara">
    Because <em>ssl://</em> is the underlying transport for the
    <a href="wrappers.http.html" class="link"><em>https://</em></a> and
    <a href="wrappers.ftp.html" class="link"><em>ftps://</em></a> wrappers, 
    any context options which apply to <em>ssl://</em> also apply to
    <em>https://</em> and <em>ftps://</em>.
   </span>
  </p></blockquote>
  <blockquote class="note"><p><strong class="note">Note</strong>: 
   <span class="simpara">
    For SNI (Server Name Indication) to be available, then PHP must be compiled 
    with OpenSSL 0.9.8j or greater. Use the 
    <strong><code>OPENSSL_TLSEXT_SERVER_NAME</code></strong> to determine whether SNI is 
    supported.
   </span>
  </p></blockquote>
 </div>


 <div class="refsect1 seealso" id="refsect1-context.ssl-seealso">
  <h3 class="title">参见</h3>
  <p class="para">
   <ul class="simplelist">
    <li class="member"><a href="context.socket.html" class="xref">套接字上下文选项</a></li>
   </ul>
  </p>
 </div>


</div><hr /><div class="manualnavbar" style="text-align: center;">
 <div class="prev" style="text-align: left; float: left;"><a href="context.ftp.html">FTP context options</a></div>
 <div class="next" style="text-align: right; float: right;"><a href="context.curl.html">CURL context options</a></div>
 <div class="up"><a href="context.html">上下文（Context）选项和参数</a></div>
 <div class="home"><a href="index.html">PHP Manual</a></div>
</div></body></html>
